Certec said the vulnerability affects its atvise scada Versions 2.3 and above.

An attacker exploiting the OpenSSL Heartbleed vulnerability may be able to obtain private keys of the target system. The attacker could then use these keys to impersonate the authenticated user and perform a man-in-the-middle attack.

Certec EDV GmbH’s headquarters is in Austria. The affected product, atvise, is a web-based human-machine interface supervisory control and data acquisition (HMI/SCADA) system. According to Certec, atvise sees use in every field of industrial automation across the globe.

atvise scada uses Version 1.0.1 of the OpenSSL cryptographic library and Transport Layer Security (TLS) implementation, which is known to be vulnerable to Heartbleed.

CVE-2014-0160 is the case number assigned to this vulnerability, which has a CVSS v2 base score of 5.0.

An attacker with low skill would be able to exploit this vulnerability.
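For defenders monitoring traffic to affected systems, the following added example (not from Certec or the original article) applies the length check that a correct TLS heartbeat receiver performs, so that malformed heartbeat records can be flagged in captured data. The record layout and the 16-byte minimum padding are taken from RFC 6520, not from this page; the function names and sample records are constructed for illustration, and the records are assumed to be plaintext.

```python
import struct

HEARTBEAT_CONTENT_TYPE = 24            # TLS record content type for heartbeat (RFC 6520)
HEARTBEAT_REQUEST = 1
MIN_PADDING = 16                       # RFC 6520 requires at least 16 padding bytes
RECORD_HEADER = struct.Struct("!BHH")  # content type, protocol version, record length
HB_HEADER = struct.Struct("!BH")       # heartbeat message type, declared payload_length


def check_heartbeat_record(record: bytes) -> str:
    """Classify one plaintext TLS record.

    Returns "not-heartbeat", "truncated", "ok" or "length-exceeds-record".
    """
    if len(record) < RECORD_HEADER.size:
        return "truncated"
    ctype, _version, rec_len = RECORD_HEADER.unpack_from(record)
    if ctype != HEARTBEAT_CONTENT_TYPE:
        return "not-heartbeat"
    body = record[RECORD_HEADER.size:RECORD_HEADER.size + rec_len]
    if len(body) < rec_len or len(body) < HB_HEADER.size:
        return "truncated"
    _msg_type, payload_length = HB_HEADER.unpack_from(body)
    # A receiver must discard the message when header + declared payload +
    # minimum padding does not fit inside the bytes the record really carries.
    if HB_HEADER.size + payload_length + MIN_PADDING > rec_len:
        return "length-exceeds-record"
    return "ok"


def make_record(declared_len: int, payload: bytes, padding: int = MIN_PADDING) -> bytes:
    """Build a constructed sample record (hypothetical helper, TLS 1.1 version bytes)."""
    body = HB_HEADER.pack(HEARTBEAT_REQUEST, declared_len) + payload + bytes(padding)
    return RECORD_HEADER.pack(HEARTBEAT_CONTENT_TYPE, 0x0302, len(body)) + body


# Constructed samples, not captured traffic.
SAMPLES = {
    "well-formed": make_record(4, b"ping"),
    "length-mismatch": make_record(0x4000, b"ping"),
    "handshake": RECORD_HEADER.pack(22, 0x0302, 1) + b"\x00",
}

if __name__ == "__main__":
    for name, rec in SAMPLES.items():
        print(f"{name:16} {check_heartbeat_record(rec)}")
```

A "length-exceeds-record" result on traffic to an unpatched system is worth investigating, and private keys and certificates on that system should be treated as exposed until replaced.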